Lucene search
K
TrianglemicroworksScada Data Gateway

22 matches found

CVE
CVE
added 2020/04/15 6:28 p.m.71 views

CVE-2020-10615

CVE-2020-10615 affects Triangle MicroWorks SCADA Data Gateway, specifically versions 3.02.0697–4.0.122 and 2.41.0213–4.0.122. The root cause is improper validation of the length of user-supplied data prior to copying into a fixed-length stack-based buffer, causing a stack-based buffer overflow. T...

7.5CVSS7.5AI score0.02568EPSS
CVE
CVE
added 2024/05/07 10:54 p.m.65 views

CVE-2022-0369

CVE-2022-0369 affects Triangle MicroWorks SCADA Data Gateway. The flaw is in the Restore Workspace feature where user-supplied paths are not properly validated, enabling a remote attacker to execute code with SYSTEM privileges and bypass authentication. Documented as a directory traversal RCE vul...

8.8CVSS7.5AI score0.02298EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.65 views

CVE-2023-39462

CVE-2023-39462 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability stems from improper validation in the processing of workspace files, allowing remote attackers to upload arbitrary files. Although authentication is required to exploit, the existing authentication mechanism can be b...

6.5CVSS6.8AI score0.01215EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.65 views

CVE-2023-39465

CVE-2023-39465 is tied to Triangle MicroWorks SCADA Data Gateway . The issue is in the TmwCrypto class, due to the use of a hard-coded cryptographic key and a hard-coded certificate, enabling remote disclosure of sensitive information without authentication. The vulnerability is documented across...

7.5CVSS7.2AI score0.00707EPSS
CVE
CVE
added 2020/04/15 6:36 p.m.64 views

CVE-2020-10611

CVE-2020-10611 is a real, externally exploitable type-confusion vulnerability in Triangle MicroWorks SCADA Data Gateway (DNP3 Data Sets). The Red Hat and NVD entries confirm it affects versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122, enabling remote code execution with no authentication required...

9.8CVSS9.7AI score0.05226EPSS
CVE
CVE
added 2013/09/09 10:0 a.m.62 views

CVE-2013-2793

CVE-2013-2793 affects Triangle MicroWorks SCADA Data Gateway (v2.50.0309–v3.00.0616), DNP3 .NET Protocol components (v3.06.0.171–v3.15.0.369), and DNP3 ANSI C libraries (v3.06.0000–v3.15.0000). The vulnerability is improper input validation that allows an attacker to cause a denial of service (in...

7.8CVSS6.8AI score0.0147EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.62 views

CVE-2023-39463

The CVE-2023-39463 issue affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in the trusted certification feature, specifically how OpcUaSecurityCertificateAuthorityTrustDir is handled, allowing an arbitrary file write with attacker-controlled data. This can let an attacker exe...

7.2CVSS7.5AI score0.01002EPSS
CVE
CVE
added 2014/05/30 11:0 p.m.61 views

CVE-2014-2342

Triangle MicroWorks SCADA Data Gateway vulnerable to DoS via crafted DNP3 packets. Affected: versions before 3.00.0635. Root cause: incorrect input validation leading to uncontrolled resource consumption (IP-connected DoS; serial connections also impacted with physical access). Impact: denial of ...

5CVSS6.7AI score0.01791EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.59 views

CVE-2023-39458

Triangle MicroWorks SCADA Data Gateway contains a hard-coded default SSL certificate, allowing authentication bypass for network-adjacent attackers. The flaw is in certificate handling, enabling bypass of authentication on affected installations without required user interaction. Documents consis...

5.3CVSS5.4AI score0.00247EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.59 views

CVE-2023-39466

CVE-2023-39466 applies to Triangle MicroWorks SCADA Data Gateway. The vulnerability is in the get_config endpoint, where lack of authentication allows remote attackers to disclose sensitive information without credentials. Root cause: missing authentication prior to accessing get_config functiona...

5.3CVSS5AI score0.00926EPSS
CVE
CVE
added 2014/05/30 11:0 p.m.58 views

CVE-2014-2343

The CVE concerns Triangle MicroWorks SCADA Data Gateway prior to 3.00.0635, where a crafted DNP3 request on a serial line can cause an input-validation-based DoS due to excessive data processing. A related Nessus entry and ICS-CERT advisory confirm a broader DoS risk in affected releases, with IP...

2.1CVSS6.5AI score0.00346EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.58 views

CVE-2023-39459

CVE-2023-39459 affects Triangle MicroWorks SCADA Data Gateway. The flaw is in the processing of workspace files where user-supplied paths are not properly validated before file operations, enabling a local attacker to create arbitrary files in the Administrator context by enticing a target to vis...

7.8CVSS7.4AI score0.00954EPSS
CVE
CVE
added 2013/09/09 10:0 a.m.56 views

CVE-2013-2794

CVE-2013-2794 affects Triangle MicroWorks SCADA Data Gateway (v2.50.0309–v3.00.0616), DNP3 .NET Protocol components (v3.06.0.171–v3.15.0.369), and DNP3 ANSI C libraries (v3.06.0000–v3.15.0000). Root cause is improper input validation that can trigger an infinite loop, causing a DoS. IP-connected ...

4.9CVSS6.7AI score0.00317EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.56 views

CVE-2023-39461

Product and vulnerability context: Triangle MicroWorks SCADA Data Gateway. The issue is an arbitrary file write vulnerability in the handling of event logs, caused by improper sanitization of log output. The weakness can allow an attacker to write arbitrary files and, in combination with other vu...

4.4CVSS5AI score0.01028EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.56 views

CVE-2023-39467

Triangle MicroWorks SCADA Data Gateway is affected by an information-disclosure vulnerability related to the certificate web directory configuration. The flaw allows remote attackers to obtain sensitive data without authentication, via exposure of sensitive information in the application webroot....

5.3CVSS4.9AI score0.00539EPSS
CVE
CVE
added 2023/06/07 6:37 a.m.55 views

CVE-2023-2186

CVE-2023-2186 affects Triangle MicroWorks SCADA Data Gateway

9.8CVSS9.4AI score0.00706EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.55 views

CVE-2023-39460

CVE-2023-39460 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in event log creation, where a user-supplied path is not properly validated before file operations, enabling directory traversal and arbitrary file creation. The root cause is inadequate validation of the path, ...

7.2CVSS7.1AI score0.02854EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.53 views

CVE-2023-39464

The CVE-2023-39464 entry describes a remote code execution vulnerability in Triangle MicroWorks SCADA Data Gateway related to an unquoted path in the GTWWebMonitorService executable. The flaw’s root cause is the service path containing spaces not surrounded by quotation marks, enabling an attacke...

7.2CVSS7.5AI score0.01577EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.53 views

CVE-2023-39468

Triangle MicroWorks SCADA Data Gateway is affected by CVE-2023-39468 via the DbasSectorFileToExecuteOnReset parameter handling, where an exposed dangerous function allows remote code execution in the SYSTEM context. The flaw requires authentication to exploit. Connected advisories (ZDI-23-1036 an...

7.2CVSS7.5AI score0.01486EPSS
CVE
CVE
added 2020/04/15 6:30 p.m.52 views

CVE-2020-10613

Triangle MicroWorks SCADA Data Gateway is affected by CVE-2020-10613 (and related CVEs) in versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122 due to an out-of-bounds read from improper validation of user-supplied data in DNP3 Data Sets. The vulnerability allows remote attackers to disclose sensitiv...

7.5CVSS7.3AI score0.02493EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.52 views

CVE-2023-39457

CVE-2023-39457 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability stems from missing authentication in the default configuration, enabling a remote attacker to bypass authentication and execute arbitrary code with root privileges. Reported under ZDI-20501, the CVSSv3 vector is CVSS...

9.8CVSS9.8AI score0.01623EPSS
CVE
CVE
added 2023/06/07 6:42 a.m.48 views

CVE-2023-2187

CVE-2023-2187 affects Triangle MicroWorks’ SCADA Data Gateway (versions

5.3CVSS5.3AI score0.00593EPSS